Releases: microsoft/mu_crypto_release
v1.0.0-OneCrypto
What's Changed
- Feature: Reorganize and create OpensslPkg and MbedTlsPkg by @Flickdm in #178
- MbedTlsPkg: Fix Pkcs7Sign to parse DER cert instead of casting by @Flickdm in #186
- Crypto provider: Host Based Tests Enabling by @Flickdm in #185
- Build: Update README with CI and host test documentation by @Flickdm in #187
- Support Pkcs7Encrypt by @Flickdm in #184
- Adding Microsoft SECURITY.MD by @microsoft-github-policy-service[bot] in #182
- Build: Add BSD-2-Clause-Patent license file by @Flickdm in #192
- Repo File Sync: Bring in CI and github workflows by @mu-automation[bot] in #180
- Feature: Prepare Crypto Providers for OneCrypto by @Flickdm in #190
- Feature: OneCryptoPkg Original Implementation by @Flickdm in #189
- Remove duplicate license file by @Javagedes in #196
- Repo File Sync: synced file(s) with microsoft/mu_devops by @mu-automation[bot] in #197
- OpensslPkg: Fix Pkcs7GetCertificatesList by @Flickdm in #201
- Feature: OneCryptoPkg by @Flickdm in #195
- Fix OneCryptoPkg workflows by @Flickdm in #205
- Build: Rename OneCrypto-Drivers artifacts to OneCrypto by @Flickdm in #206
New Contributors
- @microsoft-github-policy-service[bot] made their first contribution in #182
Full Changelog: https://github.com/microsoft/mu_crypto_release/commits/v1.0.0-OneCrypto
v1.1.3
What's Changed
- Adding branch protection build flag for Aarch64 flags @kuqin12 (#169)
Change Details
## Description
This change adds a branch protection build flag for Aarch64.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This change was tested on both QEMU SBSA and proprietary hardware that has
pauth and bti enabled.
Integration Instructions
N/A
Full Changelog: v1.1.2...v1.1.3
v1.1.2
What's Changed
- Repo File Sync: Sync changes to drop dev branch support by @mu-automation[bot] in #155
- Repo File Sync: Update files-path.yml for actions/labeler v6 by @mu-automation[bot] in #156
- Readme.rst: Update documentation for changes in build process by @apop5 in #158
- CryptoDriverBin: Publish an ALL flavor by @apop5 in #159
- OpenSslPkg\RuntimeCryptLib: Runtime should provide complete crypto implementation by @apop5 in #157
Full Changelog: v1.1.1...v1.1.2
v1.1.1
What's Changed
- Drop stuart git dependencies [Rebase & FF] by @makubacki in #152
- Repo File Sync: Update to Mu DevOps v17.0.1 by @mu-automation[bot] in #149
Full Changelog: v1.1.0...v1.1.1
v1.1.0
What's Changed
Released from the main branch.
- @Flickdm Correcting an issue where Crypto.h was not being updated
- @Flickdm Correcting an issue where Crypto.h was not being updated
- @Flickdm Updating the template-build.yaml to order correctly
- @Flickdm Update CryptoBinPkg/Driver/Packaging/generate_cryptodriver.py
- @Flickdm updating generate_cryptodriver.py to allow for custom ordering
- @Flickdm Pinning MU_BASECORE
- @Flickdm Fix incorrect line endings
- @Flickdm Support Pkcs7Encrypt
- @mu-automation[bot] Repo File Sync: Update to Mu DevOps v15.0.3
- @makubacki Readme.rst: Add OpensslPkg build instructions
v1.0.1
v1.0.0
Adoption of Semantic Versioning
- Note: Shared Crypto follows semantic versioning. The version number is incremented based on the type of changes made to the shared crypto binaries. The version number is not tied to the version of the underlying crypto provider.
- Note: Prior to adopting semantic versioning in the 1.0.0 release, the version number followed a form of YYYY.MM.PATCH. The 1.0.0 release was the first to use semantic versioning and comes after all of those versions.
Breaking Change - Standalone MM Integration
Two options are now provided for Standalone MM. It is important to select the option based on the Standalone MM core used on your platform:
- StandaloneMmPkg - Use STANDALONEMM_CRYPTO_SERVICES
- MmSupervisorPkg - Use STANDALONEMM_MMSUPV_CRYPTO_SERVICES
Since the MM Supervisor currently does not support AARCH64, only an X64 MM Supervisor Standalone MM binary is available. A platform should not have both STANDALONEMM_CRYPTO_SERVICES and STANDALONEMM_MMSUPV_CRYPTO_SERVICES set to non-NONE values.
What's Changed
- Use OpenSSL intrinsic lib for all archs by @makubacki in #96
- [Release/202311] CryptoBinPkg: Update EDKII_CRYPTO_VERSION from 17 to 18 by @Flickdm in #102
- generate_cryptodriver: Add useful versioning to shared crypto binaries by @makubacki in #105
- Remove temporary files from the published binary files by @kenlautner in #106
- Add PR test gates for Mu_Crypto_Release by @kenlautner in #104
- Update MU_BASECORE to include cherrypick subhook submodule by @Flickdm in #112
- Fix OpensslPkg CI by @makubacki in #114
- Add Non-MM Supervisor Standalone MM X64 Binary by @makubacki in #113
- Update instructions for semantic versioning by @makubacki in #115
Full Changelog: v2023.12.2...v1.0.0
v2023.12.2
What's Changed
- CryptoBinPkg: Add INFs generated with correct depex. @apop5 (#95)
Change Details
## Description
#94 Updated the generate_cryptodriver.py script to include the correct path to the DEPEX binary, but it failed to include the newly generated INF files.
Now updating with the correctly generated INF files.
For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application, flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation on a separate Web page, ...
How This Was Tested
Ran local build, replaced in mu_tiano_platforms and verified build failures were resolved (and q35 project booted).
Integration Instructions
N/A
🐛 Bug Fixes
- CryptoBinPkg: Updated DEPEX statement in generated INF files to match new location @apop5 (#94)
Change Details
## Description
In packages generated before 2023.11.3, the generated INF files would reference a common DEPEX file for all the arches instead of being contained in the same folder as the generated EFI file.
After the update for including map files, etc, the location of the DEPEX was in the same folder as the EFI, MAP and PDB file.
Updating the script to generate the correct file location for the DEPEX.
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application, flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation on a separate Web page, ...
How This Was Tested
Manually updated a project to use 2023.11.5 and encountered a build error because the depex file path was mismatched.
Integration Instructions
N/A
Full Changelog: v2024.0.0...v2024.0.1
v2023.12.1
What's Changed
🐛 Bug Fixes
- CryptoBinPkg: Updated DEPEX statement in generated INF files to match new location @apop5 (#94)
Change Details
## Description
In packages generated before 2023.11.3, the generated INF files would reference a common DEPEX file for all the arches instead of being contained in the same folder as the generated EFI file.
After the update for including map files, etc, the location of the DEPEX was in the same folder as the EFI, MAP and PDB file.
Updating the script to generate the correct file location for the DEPEX.
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application, flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation on a separate Web page, ...
How This Was Tested
Manually updated a project to use 2023.11.5 and encountered a build error because the depex file path was mismatched.
Integration Instructions
N/A
Full Changelog: v2024.0.0...v2024.0.1
v2023.12.0
What's Changed
⚠️ Breaking Changes
- Reduce Crypto RNG Assumptions [Rebase & FF] @makubacki (#88)
Change Details
## Description
NOTE: This PR should only be completed when we are sure that we would like to
introduce a dependency on the RNG PPI and RNG Protocol for the PEI and DXE
binaries.
NOTE: This will need to be cherry-picked into the release/202302 branch
(with the MU_BASECORE submodule updated).
CryptoBinPkg.dsc: Use static stack cookie init for DXE
Simplifies the RNG support expected of platforms integrating
the DXE binary.
CryptoBinPkg: Use PeiRngLib and DxeRngLib for crypto binaries
Since platforms integrating the binaries may have very different
levels of support for random number generation, allow the platform
to provide a RNG service for PEI and DXE.
A similar change may be made for SMM and Standalone MM environments
in the future.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Build and platform integration
- Verify RNG PPI/Protocol is present on the PEI and DXE binaries
- Verify the PeiRngLib and DxeRngLib libraries can locate and use
the RNG PPI and Protocol
Integration Instructions
- Read the readme update made in this change in the
"Dependencies Built into Shared Crypto" section.
🚀 Features & ✨ Enhancements
- Reduce Crypto RNG Assumptions [Rebase & FF] @makubacki (#88)
📖 Documentation Updates
- Reduce Crypto RNG Assumptions [Rebase & FF] @makubacki (#88)
Full Changelog: v2023.11.5...v2024.0.0